Malfos infection (google redirect?)


  • This topic is locked
20 replies to this topic

#1 hawkeyes360

Posted 25 May 2012 - 08:43 AM

Hello. I am running Windows 7 and noticed that when we search Google (via Explorer or Firefox) we get redirected to ad sites every 5th or so time we click on a search result. I ran Malwarebytes, ComboFix and TDSS in regular mode (not safe mode). Malwarebytes found the Malfos and tried to remove it, but I am still getting redirected. My reports are below, and thank you in advance for your help.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

5/23/2012 8:18:00 PM
mbam-log-2012-05-23 (20-18-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319655
Time elapsed: 27 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Owner\AppData\Local\Temp\wpapry.dll (Trojan.Medfos) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wpapry (Trojan.Medfos) -> Data: rundll32.exe "C:\Users\Owner\AppData\Local\Temp\wpapry.dll",lMain -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Owner\AppData\Local\Temp\wpapry.dll (Trojan.Medfos) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully.

(end)


19:56:44.0226 4028 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
19:56:44.0610 4028 ============================================================
19:56:44.0610 4028 Current date / time: 2012/05/23 19:56:44.0610
19:56:44.0610 4028 SystemInfo:
19:56:44.0610 4028
19:56:44.0610 4028 OS Version: 6.1.7601 ServicePack: 1.0
19:56:44.0610 4028 Product type: Workstation
19:56:44.0610 4028 ComputerName: OWNER-PC
19:56:44.0610 4028 UserName: Owner
19:56:44.0610 4028 Windows directory: C:\windows
19:56:44.0610 4028 System windows directory: C:\windows
19:56:44.0610 4028 Running under WOW64
19:56:44.0610 4028 Processor architecture: Intel x64
19:56:44.0610 4028 Number of processors: 4
19:56:44.0610 4028 Page size: 0x1000
19:56:44.0610 4028 Boot type: Normal boot
19:56:44.0610 4028 ============================================================
19:56:44.0963 4028 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:56:44.0967 4028 ============================================================
19:56:44.0967 4028 \Device\Harddisk0\DR0:
19:56:44.0967 4028 MBR partitions:
19:56:44.0967 4028 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
19:56:44.0968 4028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000
19:56:44.0989 4028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800
19:56:44.0989 4028 ============================================================
19:56:45.0032 4028 C: <-> \Device\Harddisk0\DR0\Partition1
19:56:45.0080 4028 D: <-> \Device\Harddisk0\DR0\Partition2
19:56:45.0080 4028 ============================================================
19:56:45.0080 4028 Initialize success
19:56:45.0080 4028 ============================================================
19:56:58.0196 5420 ============================================================
19:56:58.0196 5420 Scan started
19:56:58.0196 5420 Mode: Manual;
19:56:58.0196 5420 ============================================================
19:57:10.0478 5420 NOBU - ok
19:57:10.0589 5420 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:57:10.0591 5420 Npfs - ok
19:57:10.0627 5420 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:57:10.0630 5420 nsi - ok
19:57:10.0644 5420 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:57:10.0645 5420 nsiproxy - ok
19:57:10.0758 5420 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:57:10.0781 5420 Ntfs - ok
19:57:10.0886 5420 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:57:10.0887 5420 Null - ok
19:57:10.0937 5420 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:57:10.0940 5420 nvraid - ok
19:57:10.0968 5420 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:57:10.0972 5420 nvstor - ok
19:57:11.0010 5420 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:57:11.0013 5420 nv_agp - ok
19:57:11.0020 5420 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:57:11.0022 5420 ohci1394 - ok
19:57:11.0131 5420 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:57:11.0135 5420 ose - ok
19:57:11.0392 5420 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:57:11.0509 5420 osppsvc - ok
19:57:11.0629 5420 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:57:11.0636 5420 p2pimsvc - ok
19:57:11.0680 5420 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:57:11.0688 5420 p2psvc - ok
19:57:11.0772 5420 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
19:57:11.0775 5420 Parport - ok
19:57:11.0815 5420 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
19:57:11.0816 5420 partmgr - ok
19:57:11.0856 5420 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:57:11.0860 5420 PcaSvc - ok
19:57:11.0881 5420 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:57:11.0884 5420 pci - ok
19:57:11.0909 5420 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:57:11.0911 5420 pciide - ok
19:57:11.0926 5420 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
19:57:11.0930 5420 pcmcia - ok
19:57:11.0949 5420 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:57:11.0950 5420 pcw - ok
19:57:11.0994 5420 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:57:12.0003 5420 PEAUTH - ok
19:57:12.0106 5420 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:57:12.0108 5420 PerfHost - ok
19:57:12.0211 5420 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:57:12.0232 5420 pla - ok
19:57:12.0312 5420 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:57:12.0322 5420 PlugPlay - ok
19:57:12.0371 5420 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:57:12.0373 5420 PNRPAutoReg - ok
19:57:12.0417 5420 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:57:12.0422 5420 PNRPsvc - ok
19:57:12.0465 5420 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:57:12.0473 5420 PolicyAgent - ok
19:57:12.0520 5420 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:57:12.0525 5420 Power - ok
19:57:12.0594 5420 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:57:12.0597 5420 PptpMiniport - ok
19:57:12.0614 5420 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
19:57:12.0616 5420 Processor - ok
19:57:12.0650 5420 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
19:57:12.0655 5420 ProfSvc - ok
19:57:12.0685 5420 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:57:12.0687 5420 ProtectedStorage - ok
19:57:12.0719 5420 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:57:12.0721 5420 Psched - ok
19:57:12.0829 5420 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
19:57:12.0851 5420 ql2300 - ok
19:57:12.0964 5420 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
19:57:12.0968 5420 ql40xx - ok
19:57:13.0007 5420 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:57:13.0013 5420 QWAVE - ok
19:57:13.0033 5420 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:57:13.0034 5420 QWAVEdrv - ok
19:57:13.0039 5420 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:57:13.0041 5420 RasAcd - ok
19:57:13.0080 5420 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:57:13.0082 5420 RasAgileVpn - ok
19:57:13.0114 5420 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:57:13.0117 5420 RasAuto - ok
19:57:13.0141 5420 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:57:13.0144 5420 Rasl2tp - ok
19:57:13.0174 5420 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:57:13.0181 5420 RasMan - ok
19:57:13.0201 5420 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:57:13.0203 5420 RasPppoe - ok
19:57:13.0238 5420 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:57:13.0240 5420 RasSstp - ok
19:57:13.0268 5420 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:57:13.0273 5420 rdbss - ok
19:57:13.0289 5420 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
19:57:13.0290 5420 rdpbus - ok
19:57:13.0310 5420 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:57:13.0311 5420 RDPCDD - ok
19:57:13.0319 5420 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:57:13.0320 5420 RDPENCDD - ok
19:57:13.0337 5420 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:57:13.0337 5420 RDPREFMP - ok
19:57:13.0373 5420 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
19:57:13.0376 5420 RDPWD - ok
19:57:13.0421 5420 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:57:13.0423 5420 rdyboost - ok
19:57:13.0456 5420 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:57:13.0459 5420 RemoteAccess - ok
19:57:13.0496 5420 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:57:13.0499 5420 RemoteRegistry - ok
19:57:13.0547 5420 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
19:57:13.0551 5420 RFCOMM - ok
19:57:13.0597 5420 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\windows\system32\Drivers\RimUsb_AMD64.sys
19:57:13.0598 5420 RimUsb - ok
19:57:13.0623 5420 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:57:13.0627 5420 RpcEptMapper - ok
19:57:13.0664 5420 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:57:13.0666 5420 RpcLocator - ok
19:57:13.0734 5420 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:57:13.0741 5420 RpcSs - ok
19:57:13.0793 5420 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:57:13.0795 5420 rspndr - ok
19:57:13.0818 5420 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
19:57:13.0821 5420 RTL8167 - ok
19:57:13.0924 5420 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
19:57:13.0925 5420 rtport - ok
19:57:13.0959 5420 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
19:57:13.0959 5420 SABI - ok
19:57:13.0994 5420 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:57:13.0995 5420 SamSs - ok
19:57:14.0037 5420 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:57:14.0040 5420 sbp2port - ok
19:57:14.0071 5420 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:57:14.0075 5420 SCardSvr - ok
19:57:14.0091 5420 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:57:14.0092 5420 scfilter - ok
19:57:14.0163 5420 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:57:14.0184 5420 Schedule - ok
19:57:14.0221 5420 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:57:14.0222 5420 SCPolicySvc - ok
19:57:14.0263 5420 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:57:14.0269 5420 SDRSVC - ok
19:57:14.0355 5420 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:57:14.0358 5420 SeaPort - ok
19:57:14.0418 5420 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:57:14.0419 5420 secdrv - ok
19:57:14.0440 5420 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:57:14.0443 5420 seclogon - ok
19:57:14.0460 5420 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
19:57:14.0463 5420 SENS - ok
19:57:14.0483 5420 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:57:14.0486 5420 SensrSvc - ok
19:57:14.0504 5420 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
19:57:14.0506 5420 Serenum - ok
19:57:14.0528 5420 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
19:57:14.0530 5420 Serial - ok
19:57:14.0546 5420 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
19:57:14.0547 5420 sermouse - ok
19:57:14.0580 5420 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:57:14.0582 5420 SessionEnv - ok
19:57:14.0586 5420 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:57:14.0587 5420 sffdisk - ok
19:57:14.0593 5420 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:57:14.0594 5420 sffp_mmc - ok
19:57:14.0598 5420 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:57:14.0599 5420 sffp_sd - ok
19:57:14.0606 5420 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
19:57:14.0608 5420 sfloppy - ok
19:57:14.0687 5420 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
19:57:14.0695 5420 Sftfs - ok
19:57:14.0798 5420 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:57:14.0805 5420 sftlist - ok
19:57:14.0874 5420 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
19:57:14.0877 5420 Sftplay - ok
19:57:14.0903 5420 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
19:57:14.0904 5420 Sftredir - ok
19:57:14.0930 5420 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
19:57:14.0931 5420 Sftvol - ok
19:57:14.0990 5420 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:57:14.0994 5420 sftvsa - ok
19:57:15.0054 5420 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:57:15.0062 5420 SharedAccess - ok
19:57:15.0101 5420 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
19:57:15.0108 5420 ShellHWDetection - ok
19:57:15.0154 5420 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
19:57:15.0155 5420 SiSRaid2 - ok
19:57:15.0172 5420 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
19:57:15.0174 5420 SiSRaid4 - ok
19:57:15.0214 5420 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:57:15.0217 5420 Smb - ok
19:57:15.0250 5420 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:57:15.0252 5420 SNMPTRAP - ok
19:57:15.0268 5420 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:57:15.0269 5420 spldr - ok
19:57:15.0307 5420 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
19:57:15.0316 5420 Spooler - ok
19:57:15.0495 5420 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
19:57:15.0517 5420 sppsvc - ok
19:57:15.0626 5420 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:57:15.0631 5420 sppuinotify - ok
19:57:15.0699 5420 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:57:15.0707 5420 srv - ok
19:57:15.0741 5420 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:57:15.0747 5420 srv2 - ok
19:57:15.0786 5420 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:57:15.0789 5420 srvnet - ok
19:57:15.0844 5420 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:57:15.0850 5420 SSDPSRV - ok
19:57:15.0921 5420 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\windows\system32\Drivers\SSPORT.sys
19:57:15.0922 5420 SSPORT - ok
19:57:15.0938 5420 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:57:15.0942 5420 SstpSvc - ok
19:57:15.0966 5420 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
19:57:15.0967 5420 stexstor - ok
19:57:16.0037 5420 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
19:57:16.0048 5420 stisvc - ok
19:57:16.0068 5420 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:57:16.0068 5420 swenum - ok
19:57:16.0133 5420 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:57:16.0145 5420 swprv - ok
19:57:16.0241 5420 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
19:57:16.0264 5420 SysMain - ok
19:57:16.0370 5420 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
19:57:16.0375 5420 TabletInputService - ok
19:57:16.0403 5420 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
19:57:16.0411 5420 TapiSrv - ok
19:57:16.0432 5420 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:57:16.0435 5420 TBS - ok
19:57:16.0576 5420 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
19:57:16.0598 5420 Tcpip - ok
19:57:16.0808 5420 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
19:57:16.0820 5420 TCPIP6 - ok
19:57:16.0923 5420 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:57:16.0924 5420 tcpipreg - ok
19:57:16.0943 5420 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:57:16.0944 5420 TDPIPE - ok
19:57:16.0968 5420 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
19:57:16.0970 5420 TDTCP - ok
19:57:16.0992 5420 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:57:16.0994 5420 tdx - ok
19:57:17.0027 5420 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
19:57:17.0027 5420 TermDD - ok
19:57:17.0090 5420 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
19:57:17.0103 5420 TermService - ok
19:57:17.0127 5420 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:57:17.0129 5420 Themes - ok
19:57:17.0158 5420 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:57:17.0160 5420 THREADORDER - ok
19:57:17.0186 5420 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:57:17.0189 5420 TrkWks - ok
19:57:17.0250 5420 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
19:57:17.0252 5420 TrustedInstaller - ok
19:57:17.0272 5420 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:57:17.0273 5420 tssecsrv - ok
19:57:17.0293 5420 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:57:17.0294 5420 TsUsbFlt - ok
19:57:17.0312 5420 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
19:57:17.0314 5420 TsUsbGD - ok
19:57:17.0352 5420 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:57:17.0355 5420 tunnel - ok
19:57:17.0363 5420 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
19:57:17.0365 5420 uagp35 - ok
19:57:17.0401 5420 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:57:17.0405 5420 udfs - ok
19:57:17.0456 5420 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:57:17.0459 5420 UI0Detect - ok
19:57:17.0491 5420 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:57:17.0493 5420 uliagpkx - ok
19:57:17.0523 5420 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
19:57:17.0524 5420 umbus - ok
19:57:17.0528 5420 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
19:57:17.0529 5420 UmPass - ok
19:57:17.0555 5420 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:57:17.0562 5420 upnphost - ok
19:57:17.0619 5420 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
19:57:17.0621 5420 USBAAPL64 - ok
19:57:17.0650 5420 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:57:17.0652 5420 usbccgp - ok
19:57:17.0678 5420 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:57:17.0681 5420 usbcir - ok
19:57:17.0702 5420 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
19:57:17.0703 5420 usbehci - ok
19:57:17.0733 5420 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:57:17.0738 5420 usbhub - ok
19:57:17.0762 5420 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:57:17.0764 5420 usbohci - ok
19:57:17.0803 5420 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:57:17.0805 5420 usbprint - ok
19:57:17.0846 5420 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
19:57:17.0848 5420 usbscan - ok
19:57:17.0869 5420 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:57:17.0871 5420 USBSTOR - ok
19:57:17.0880 5420 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
19:57:17.0882 5420 usbuhci - ok
19:57:17.0933 5420 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
19:57:17.0937 5420 usbvideo - ok
19:57:17.0959 5420 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:57:17.0963 5420 UxSms - ok
19:57:17.0998 5420 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:57:18.0000 5420 VaultSvc - ok
19:57:18.0042 5420 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:57:18.0043 5420 vdrvroot - ok
19:57:18.0086 5420 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
19:57:18.0097 5420 vds - ok
19:57:18.0120 5420 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:57:18.0121 5420 vga - ok
19:57:18.0138 5420 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:57:18.0139 5420 VgaSave - ok
19:57:18.0163 5420 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:57:18.0167 5420 vhdmp - ok
19:57:18.0181 5420 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:57:18.0182 5420 viaide - ok
19:57:18.0221 5420 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:57:18.0222 5420 volmgr - ok
19:57:18.0247 5420 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:57:18.0252 5420 volmgrx - ok
19:57:18.0275 5420 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:57:18.0279 5420 volsnap - ok
19:57:18.0330 5420 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
19:57:18.0333 5420 vsmraid - ok
19:57:18.0434 5420 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
19:57:18.0459 5420 VSS - ok
19:57:18.0563 5420 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:57:18.0565 5420 vwifibus - ok
19:57:18.0599 5420 vwififlt (13a0decd1794de60a8427862c8669d27) C:\windows\system32\DRIVERS\vwififlt.sys
19:57:18.0601 5420 vwififlt - ok
19:57:18.0625 5420 vwifimp (49003b357d101cdc474937437ecf5abc) C:\windows\system32\DRIVERS\vwifimp.sys
19:57:18.0626 5420 vwifimp - ok
19:57:18.0681 5420 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:57:18.0688 5420 W32Time - ok
19:57:18.0719 5420 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
19:57:18.0722 5420 WacomPen - ok
19:57:18.0760 5420 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:57:18.0762 5420 WANARP - ok
19:57:18.0765 5420 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:57:18.0766 5420 Wanarpv6 - ok
19:57:18.0867 5420 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
19:57:18.0883 5420 WatAdminSvc - ok
19:57:18.0982 5420 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
19:57:19.0004 5420 wbengine - ok
19:57:19.0120 5420 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
19:57:19.0126 5420 WbioSrvc - ok
19:57:19.0163 5420 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
19:57:19.0172 5420 wcncsvc - ok
19:57:19.0186 5420 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
19:57:19.0189 5420 WcsPlugInService - ok
19:57:19.0246 5420 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
19:57:19.0247 5420 Wd - ok
19:57:19.0294 5420 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:57:19.0302 5420 Wdf01000 - ok
19:57:19.0329 5420 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:57:19.0332 5420 WdiServiceHost - ok
19:57:19.0336 5420 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:57:19.0338 5420 WdiSystemHost - ok
19:57:19.0365 5420 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
19:57:19.0371 5420 WebClient - ok
19:57:19.0403 5420 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
19:57:19.0408 5420 Wecsvc - ok
19:57:19.0432 5420 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
19:57:19.0436 5420 wercplsupport - ok
19:57:19.0473 5420 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
19:57:19.0476 5420 WerSvc - ok
19:57:19.0537 5420 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:57:19.0538 5420 WfpLwf - ok
19:57:19.0561 5420 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:57:19.0563 5420 WIMMount - ok
19:57:19.0606 5420 WinDefend - ok
19:57:19.0616 5420 WinHttpAutoProxySvc - ok
19:57:19.0694 5420 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
19:57:19.0698 5420 Winmgmt - ok
19:57:19.0831 5420 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
19:57:19.0857 5420 WinRM - ok
19:57:20.0011 5420 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
19:57:20.0014 5420 WinUsb - ok
19:57:20.0086 5420 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
19:57:20.0102 5420 Wlansvc - ok
19:57:20.0178 5420 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:57:20.0180 5420 wlcrasvc - ok
19:57:20.0350 5420 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:57:20.0377 5420 wlidsvc - ok
19:57:20.0470 5420 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:57:20.0472 5420 WmiAcpi - ok
19:57:20.0532 5420 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
19:57:20.0536 5420 wmiApSrv - ok
19:57:20.0589 5420 WMPNetworkSvc - ok
19:57:20.0636 5420 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
19:57:20.0639 5420 WPCSvc - ok
19:57:20.0665 5420 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
19:57:20.0670 5420 WPDBusEnum - ok
19:57:20.0693 5420 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:57:20.0694 5420 ws2ifsl - ok
19:57:20.0714 5420 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
19:57:20.0718 5420 wscsvc - ok
19:57:20.0722 5420 WSearch - ok
19:57:20.0857 5420 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
19:57:20.0886 5420 wuauserv - ok
19:57:20.0987 5420 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:57:20.0990 5420 WudfPf - ok
19:57:21.0044 5420 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:57:21.0047 5420 WUDFRd - ok
19:57:21.0072 5420 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
19:57:21.0076 5420 wudfsvc - ok
19:57:21.0102 5420 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
19:57:21.0108 5420 WwanSvc - ok
19:57:21.0166 5420 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\windows\system32\DRIVERS\yk62x64.sys
19:57:21.0171 5420 yukonw7 - ok
19:57:21.0228 5420 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
19:57:21.0505 5420 \Device\Harddisk0\DR0 - ok
19:57:21.0510 5420 Boot (0x1200) (d86296289dfe272b6ddfc3a38aad5bac) \Device\Harddisk0\DR0\Partition0
19:57:21.0513 5420 \Device\Harddisk0\DR0\Partition0 - ok
19:57:21.0552 5420 Boot (0x1200) (4218cf2e71e09223979976e617bfc780) \Device\Harddisk0\DR0\Partition1
19:57:21.0554 5420 \Device\Harddisk0\DR0\Partition1 - ok
19:57:21.0576 5420 Boot (0x1200) (6af1510be2cad020bf847144c772e974) \Device\Harddisk0\DR0\Partition2
19:57:21.0578 5420 \Device\Harddisk0\DR0\Partition2 - ok
19:57:21.0579 5420 ============================================================
19:57:21.0579 5420 Scan finished
19:57:21.0579 5420 ============================================================
19:57:21.0596 5244 Detected object count: 0
19:57:21.0596 5244 Actual detected object count: 0
19:57:57.0455 3028 ============================================================
19:57:57.0455 3028 Scan started
19:57:57.0455 3028 Mode: Manual; SigCheck; TDLFS;
19:57:57.0455 3028 ============================================================
19:57:57.0635 3028 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
19:57:57.0713 3028 1394ohci - ok
19:57:57.0752 3028 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
19:57:57.0771 3028 ACPI - ok
19:58:19.0348 3028 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\windows\system32\Drivers\RimUsb_AMD64.sys
19:58:19.0370 3028 RimUsb - ok
19:58:19.0396 3028 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:58:19.0451 3028 RpcEptMapper - ok
19:58:19.0471 3028 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:58:19.0491 3028 RpcLocator - ok
19:58:19.0530 3028 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:58:19.0580 3028 RpcSs - ok
19:58:19.0621 3028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:58:19.0661 3028 rspndr - ok
19:58:19.0679 3028 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
19:58:19.0699 3028 RTL8167 - ok
19:58:19.0797 3028 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
19:58:19.0813 3028 rtport - ok
19:58:19.0843 3028 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
19:58:19.0868 3028 SABI - ok
19:58:19.0900 3028 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:58:19.0916 3028 SamSs - ok
19:58:19.0955 3028 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:58:19.0972 3028 sbp2port - ok
19:58:19.0999 3028 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:58:20.0056 3028 SCardSvr - ok
19:58:20.0075 3028 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:58:20.0113 3028 scfilter - ok
19:58:20.0178 3028 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:58:20.0242 3028 Schedule - ok
19:58:20.0271 3028 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:58:20.0310 3028 SCPolicySvc - ok
19:58:20.0346 3028 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:58:20.0358 3028 SDRSVC - ok
19:58:20.0450 3028 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:58:20.0475 3028 SeaPort - ok
19:58:20.0535 3028 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:58:20.0601 3028 secdrv - ok
19:58:20.0623 3028 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:58:20.0680 3028 seclogon - ok
19:58:20.0699 3028 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
19:58:20.0760 3028 SENS - ok
19:58:20.0777 3028 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:58:20.0801 3028 SensrSvc - ok
19:58:20.0821 3028 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
19:58:20.0849 3028 Serenum - ok
19:58:20.0866 3028 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
19:58:20.0891 3028 Serial - ok
19:58:20.0896 3028 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
19:58:20.0920 3028 sermouse - ok
19:58:20.0952 3028 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:58:21.0019 3028 SessionEnv - ok
19:58:21.0022 3028 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:58:21.0038 3028 sffdisk - ok
19:58:21.0041 3028 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:58:21.0061 3028 sffp_mmc - ok
19:58:21.0065 3028 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:58:21.0086 3028 sffp_sd - ok
19:58:21.0090 3028 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
19:58:21.0102 3028 sfloppy - ok
19:58:21.0159 3028 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
19:58:21.0186 3028 Sftfs - ok
19:58:21.0260 3028 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:58:21.0286 3028 sftlist - ok
19:58:21.0321 3028 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
19:58:21.0335 3028 Sftplay - ok
19:58:21.0352 3028 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
19:58:21.0361 3028 Sftredir - ok
19:58:21.0380 3028 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
19:58:21.0389 3028 Sftvol - ok
19:58:21.0422 3028 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:58:21.0435 3028 sftvsa - ok
19:58:21.0504 3028 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:58:21.0586 3028 SharedAccess - ok
19:58:21.0628 3028 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
19:58:21.0689 3028 ShellHWDetection - ok
19:58:21.0726 3028 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
19:58:21.0749 3028 SiSRaid2 - ok
19:58:21.0766 3028 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
19:58:21.0777 3028 SiSRaid4 - ok
19:58:21.0798 3028 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:58:21.0848 3028 Smb - ok
19:58:21.0877 3028 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:58:21.0904 3028 SNMPTRAP - ok
19:58:21.0918 3028 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:58:21.0928 3028 spldr - ok
19:58:21.0968 3028 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
19:58:22.0014 3028 Spooler - ok
19:58:22.0201 3028 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
19:58:22.0291 3028 sppsvc - ok
19:58:22.0387 3028 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:58:22.0464 3028 sppuinotify - ok
19:58:22.0529 3028 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:58:22.0564 3028 srv - ok
19:58:22.0592 3028 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:58:22.0608 3028 srv2 - ok
19:58:22.0636 3028 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:58:22.0658 3028 srvnet - ok
19:58:22.0693 3028 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:58:22.0758 3028 SSDPSRV - ok
19:58:22.0782 3028 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\windows\system32\Drivers\SSPORT.sys
19:58:22.0790 3028 SSPORT - ok
19:58:22.0811 3028 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:58:22.0852 3028 SstpSvc - ok
19:58:22.0871 3028 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
19:58:22.0881 3028 stexstor - ok
19:58:22.0937 3028 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
19:58:22.0973 3028 stisvc - ok
19:58:22.0984 3028 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:58:22.0995 3028 swenum - ok
19:58:23.0051 3028 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:58:23.0111 3028 swprv - ok
19:58:23.0214 3028 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
19:58:23.0275 3028 SysMain - ok
19:58:23.0376 3028 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
19:58:23.0409 3028 TabletInputService - ok
19:58:23.0437 3028 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
19:58:23.0492 3028 TapiSrv - ok
19:58:23.0525 3028 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:58:23.0603 3028 TBS - ok
19:58:23.0753 3028 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
19:58:23.0803 3028 Tcpip - ok
19:58:24.0008 3028 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
19:58:24.0069 3028 TCPIP6 - ok
19:58:24.0173 3028 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:58:24.0239 3028 tcpipreg - ok
19:58:24.0259 3028 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:58:24.0294 3028 TDPIPE - ok
19:58:24.0318 3028 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
19:58:24.0340 3028 TDTCP - ok
19:58:24.0364 3028 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:58:24.0413 3028 tdx - ok
19:58:24.0443 3028 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
19:58:24.0453 3028 TermDD - ok
19:58:24.0517 3028 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
19:58:24.0589 3028 TermService - ok
19:58:24.0609 3028 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:58:24.0647 3028 Themes - ok
19:58:24.0674 3028 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:58:24.0714 3028 THREADORDER - ok
19:58:24.0747 3028 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:58:24.0799 3028 TrkWks - ok
19:58:24.0855 3028 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
19:58:24.0926 3028 TrustedInstaller - ok
19:58:24.0942 3028 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:58:24.0996 3028 tssecsrv - ok
19:58:25.0000 3028 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:58:25.0011 3028 TsUsbFlt - ok
19:58:25.0027 3028 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
19:58:25.0050 3028 TsUsbGD - ok
19:58:25.0067 3028 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:58:25.0105 3028 tunnel - ok
19:58:25.0111 3028 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
19:58:25.0121 3028 uagp35 - ok
19:58:25.0149 3028 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:58:25.0206 3028 udfs - ok
19:58:25.0237 3028 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:58:25.0251 3028 UI0Detect - ok
19:58:25.0279 3028 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:58:25.0291 3028 uliagpkx - ok
19:58:25.0305 3028 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
19:58:25.0334 3028 umbus - ok
19:58:25.0337 3028 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
19:58:25.0364 3028 UmPass - ok
19:58:25.0393 3028 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:58:25.0442 3028 upnphost - ok
19:58:25.0480 3028 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
19:58:25.0501 3028 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
19:58:25.0501 3028 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
19:58:25.0531 3028 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:58:25.0567 3028 usbccgp - ok
19:58:25.0593 3028 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:58:25.0625 3028 usbcir - ok
19:58:25.0639 3028 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
19:58:25.0664 3028 usbehci - ok
19:58:25.0690 3028 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:58:25.0721 3028 usbhub - ok
19:58:25.0754 3028 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:58:25.0768 3028 usbohci - ok
19:58:25.0796 3028 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:58:25.0836 3028 usbprint - ok
19:58:25.0861 3028 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
19:58:25.0884 3028 usbscan - ok
19:58:25.0917 3028 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:58:25.0950 3028 USBSTOR - ok
19:58:25.0966 3028 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
19:58:25.0993 3028 usbuhci - ok
19:58:26.0026 3028 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
19:58:26.0064 3028 usbvideo - ok
19:58:26.0085 3028 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:58:26.0137 3028 UxSms - ok
19:58:26.0169 3028 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:58:26.0193 3028 VaultSvc - ok
19:58:26.0222 3028 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:58:26.0235 3028 vdrvroot - ok
19:58:26.0289 3028 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
19:58:26.0354 3028 vds - ok
19:58:26.0378 3028 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:58:26.0393 3028 vga - ok
19:58:26.0408 3028 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:58:26.0463 3028 VgaSave - ok
19:58:26.0488 3028 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:58:26.0501 3028 vhdmp - ok
19:58:26.0519 3028 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:58:26.0530 3028 viaide - ok
19:58:26.0546 3028 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:58:26.0557 3028 volmgr - ok
19:58:26.0582 3028 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:58:26.0599 3028 volmgrx - ok
19:58:26.0633 3028 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:58:26.0650 3028 volsnap - ok
19:58:26.0689 3028 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
19:58:26.0702 3028 vsmraid - ok
19:58:26.0817 3028 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
19:58:26.0893 3028 VSS - ok
19:58:26.0989 3028 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:58:27.0017 3028 vwifibus - ok
19:58:27.0046 3028 vwififlt (13a0decd1794de60a8427862c8669d27) C:\windows\system32\DRIVERS\vwififlt.sys
19:58:27.0066 3028 vwififlt - ok
19:58:27.0084 3028 vwifimp (49003b357d101cdc474937437ecf5abc) C:\windows\system32\DRIVERS\vwifimp.sys
19:58:27.0113 3028 vwifimp - ok
19:58:27.0162 3028 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:58:27.0229 3028 W32Time - ok
19:58:27.0255 3028 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
19:58:27.0277 3028 WacomPen - ok
19:58:27.0296 3028 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:58:27.0354 3028 WANARP - ok
19:58:27.0356 3028 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:58:27.0394 3028 Wanarpv6 - ok
19:58:27.0485 3028 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
19:58:27.0528 3028 WatAdminSvc - ok
19:58:27.0634 3028 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
19:58:27.0679 3028 wbengine - ok
19:58:27.0790 3028 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
19:58:27.0849 3028 WbioSrvc - ok
19:58:27.0886 3028 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
19:58:27.0921 3028 wcncsvc - ok
19:58:27.0933 3028 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
19:58:27.0948 3028 WcsPlugInService - ok
19:58:28.0004 3028 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
19:58:28.0026 3028 Wd - ok
19:58:28.0078 3028 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:58:28.0109 3028 Wdf01000 - ok
19:58:28.0142 3028 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:58:28.0180 3028 WdiServiceHost - ok
19:58:28.0184 3028 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:58:28.0206 3028 WdiSystemHost - ok
19:58:28.0235 3028 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
19:58:28.0275 3028 WebClient - ok
19:58:28.0305 3028 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
19:58:28.0362 3028 Wecsvc - ok
19:58:28.0379 3028 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
19:58:28.0419 3028 wercplsupport - ok
19:58:28.0441 3028 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
19:58:28.0489 3028 WerSvc - ok
19:58:28.0539 3028 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:58:28.0602 3028 WfpLwf - ok
19:58:28.0619 3028 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:58:28.0628 3028 WIMMount - ok
19:58:28.0675 3028 WinDefend - ok
19:58:28.0685 3028 WinHttpAutoProxySvc - ok
19:58:28.0752 3028 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
19:58:28.0820 3028 Winmgmt - ok
19:58:28.0951 3028 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
19:58:29.0018 3028 WinRM - ok
19:58:29.0136 3028 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
19:58:29.0175 3028 WinUsb - ok
19:58:29.0235 3028 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
19:58:29.0284 3028 Wlansvc - ok
19:58:29.0357 3028 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:58:29.0375 3028 wlcrasvc - ok
19:58:29.0553 3028 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:58:29.0605 3028 wlidsvc - ok
19:58:29.0705 3028 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:58:29.0727 3028 WmiAcpi - ok
19:58:29.0767 3028 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
19:58:29.0806 3028 wmiApSrv - ok
19:58:29.0850 3028 WMPNetworkSvc - ok
19:58:29.0882 3028 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
19:58:29.0901 3028 WPCSvc - ok
19:58:29.0922 3028 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
19:58:29.0937 3028 WPDBusEnum - ok
19:58:29.0962 3028 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:58:30.0014 3028 ws2ifsl - ok
19:58:30.0027 3028 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
19:58:30.0054 3028 wscsvc - ok
19:58:30.0057 3028 WSearch - ok
19:58:30.0188 3028 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
19:58:30.0270 3028 wuauserv - ok
19:58:30.0378 3028 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:58:30.0448 3028 WudfPf - ok
19:58:30.0468 3028 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:58:30.0506 3028 WUDFRd - ok
19:58:30.0539 3028 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
19:58:30.0584 3028 wudfsvc - ok
19:58:30.0614 3028 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
19:58:30.0635 3028 WwanSvc - ok
19:58:30.0704 3028 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\windows\system32\DRIVERS\yk62x64.sys
19:58:30.0745 3028 yukonw7 - ok
19:58:30.0785 3028 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
19:58:31.0188 3028 \Device\Harddisk0\DR0 - ok
19:58:31.0192 3028 Boot (0x1200) (d86296289dfe272b6ddfc3a38aad5bac) \Device\Harddisk0\DR0\Partition0
19:58:31.0195 3028 \Device\Harddisk0\DR0\Partition0 - ok
19:58:31.0219 3028 Boot (0x1200) (4218cf2e71e09223979976e617bfc780) \Device\Harddisk0\DR0\Partition1
19:58:31.0221 3028 \Device\Harddisk0\DR0\Partition1 - ok
19:58:31.0244 3028 Boot (0x1200) (6af1510be2cad020bf847144c772e974) \Device\Harddisk0\DR0\Partition2
19:58:31.0246 3028 \Device\Harddisk0\DR0\Partition2 - ok
19:58:31.0247 3028 ============================================================
19:58:31.0247 3028 Scan finished
19:58:31.0247 3028 ============================================================
19:58:31.0256 6008 Detected object count: 1
19:58:31.0256 6008 Actual detected object count: 1
19:59:57.0336 6008 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
19:59:57.0336 6008 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

ComboFix 12-05-23.06 - Owner 05/23/2012 21:18:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2272 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Owner\AppData\Local\Temp\muagf.dll
c:\users\Owner\AppData\Roaming\MicroST
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 02:22 . 2012-05-24 02:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-24 01:17 . 2012-05-24 01:17 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-05-24 01:16 . 2012-05-24 01:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-24 01:16 . 2012-05-24 01:16 -------- d-----w- c:\programdata\Malwarebytes
2012-05-24 01:16 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 00:52 . 2012-05-24 00:52 -------- d-----w- C:\7Q8oXApf5tJT3di
2012-05-23 00:57 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27655880-FD32-45E9-B477-A1974FBF87EE}\mpengine.dll
2012-05-16 01:16 . 2012-05-16 01:16 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-16 01:16 . 2012-05-16 01:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-14 12:07 . 2012-05-14 12:07 -------- d-----w- c:\users\Owner\AppData\Local\{573F00A5-9DBD-11E1-826F-B8AC6F996F26}
2012-05-13 01:25 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 01:25 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 01:25 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 01:25 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 01:25 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 01:25 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-13 01:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 01:24 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 01:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 01:24 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 01:24 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 01:24 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 01:24 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 01:17 . 2012-05-09 01:18 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-09 01:17 . 2012-05-09 01:17 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-09 01:17 . 2012-05-09 01:17 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-03 02:12 . 2012-05-03 02:12 -------- d-----w- c:\program files\iPod
2012-05-03 02:12 . 2012-05-03 02:12 -------- d-----w- c:\program files\iTunes
2012-05-03 02:12 . 2012-05-03 02:12 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-03 23:10 . 2012-03-03 23:10 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-01 06:46 . 2012-04-14 15:01 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-14 15:01 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-14 15:01 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-14 15:01 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-14 15:01 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-14 15:01 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-14 15:01 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-14 15:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-14 15:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-14 15:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-14 15:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-14 15:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-14 15:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-14 15:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-14 15:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-23 1131808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-09 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111146,17117,0,18,0
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j9oaapx3.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-23 21:23:53
ComboFix-quarantined-files.txt 2012-05-24 02:23
.
Pre-Run: 109,037,502,464 bytes free
Post-Run: 109,373,468,672 bytes free
.
- - End Of File - - 725BD5096A968ABD22D3722431C31E7D

Edited by hawkeyes360, 25 May 2012 - 12:01 PM.
Moved to log forum. ~ OB




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:26 PM

Posted 26 May 2012 - 12:31 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 hawkeyes360

hawkeyes360
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 26 May 2012 - 07:57 PM

Thank you for the help. I have run a few programs before you responded and I have not noticed any redirecting for the 5 minutes I used the computer since then, but please let me know if you see anything wrong. Thanks again for the help. Below is the log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 19:49:22 on 2012-05-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2553 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\dlcgcoms.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Owner\Desktop\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111146,17117,0,18,0
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
Trusted Zone: samsungsetup.com\www
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{361D80E7-0302-42D3-A443-F63305B83109} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j9oaapx3.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B16cb4537-2cfd-4f5f-b315-6331e012d835%7D&mid=9cef7b659b5947d092a3395874694888-14349aed15b5f8255a28dda60adf8a04244f4163&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-23%2021%3A43%3A58&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;\??\C:\windows\system32\Drivers\SSPORT.sys --> C:\windows\system32\Drivers\SSPORT.sys [?]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-5-23 932736]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\windows\system32\drivers\hitmanpro36.sys --> C:\windows\system32\drivers\hitmanpro36.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\windows\system32\DRIVERS\btblan.sys --> C:\windows\system32\DRIVERS\btblan.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-8 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-26 14:33:39 -------- d-----w- C:\Program Files\CCleaner
2012-05-26 14:28:32 30496 ----a-w- C:\windows\System32\drivers\hitmanpro36.sys
2012-05-26 14:27:39 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-26 02:24:55 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-05-26 02:23:56 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-26 02:23:56 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-26 01:07:06 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-05-24 10:52:43 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-24 02:45:00 -------- d-----w- C:\Users\Owner\AppData\Roaming\AVG2012
2012-05-24 02:44:07 -------- d-----w- C:\Users\Owner\AppData\Local\AVG Secure Search
2012-05-24 02:43:58 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-05-24 02:43:57 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-05-24 02:43:57 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-05-24 02:43:46 -------- d--h--w- C:\ProgramData\Common Files
2012-05-24 02:43:45 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2012-05-24 02:43:20 -------- d--h--w- C:\$AVG
2012-05-24 02:43:20 -------- d-----w- C:\windows\System32\drivers\AVG
2012-05-24 02:43:20 -------- d-----w- C:\ProgramData\AVG2012
2012-05-24 02:42:52 -------- d-----w- C:\Program Files (x86)\AVG
2012-05-24 02:39:09 -------- d-----w- C:\ProgramData\MFAData
2012-05-24 02:17:27 98816 ----a-w- C:\windows\sed.exe
2012-05-24 02:17:27 518144 ----a-w- C:\windows\SWREG.exe
2012-05-24 02:17:27 256000 ----a-w- C:\windows\PEV.exe
2012-05-24 02:17:27 208896 ----a-w- C:\windows\MBR.exe
2012-05-24 01:17:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-05-24 01:16:34 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-05-24 01:16:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-24 01:16:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-24 00:52:07 -------- d-----w- C:\7Q8oXApf5tJT3di
2012-05-23 00:57:30 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27655880-FD32-45E9-B477-A1974FBF87EE}\mpengine.dll
2012-05-14 12:07:20 -------- d-----w- C:\Users\Owner\AppData\Local\{573F00A5-9DBD-11E1-826F-B8AC6F996F26}
2012-05-13 01:25:50 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-13 01:25:50 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-13 01:25:49 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-13 01:25:48 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 01:25:48 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-13 01:25:47 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-13 01:24:58 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-13 01:24:50 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-13 01:24:46 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 01:24:46 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-13 01:24:46 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 01:24:45 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-13 01:24:45 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 01:17:59 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-09 01:17:55 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-09 01:17:55 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-03 02:12:16 -------- d-----w- C:\Program Files\iPod
2012-05-03 02:12:15 -------- d-----w- C:\Program Files\iTunes
2012-05-03 02:12:15 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-28 17:50:45 -------- d-----w- C:\Users\Owner\AppData\Local\{86345D54-ED06-438E-AA25-094FBAB5DF36}
2012-04-28 17:50:45 -------- d-----w- C:\Users\Owner\AppData\Local\{1693E07F-C0DD-437C-9D23-6C10DBD4FAA5}
.
==================== Find3M ====================
.
2012-04-19 09:50:26 28480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2012-03-19 10:17:26 383808 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2012-03-01 06:46:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:49:57.90 ===============


Results of screen317's Security Check version 0.99.38
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/7/2011 5:53:22 PM
System Uptime: 5/26/2012 7:39:35 PM (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R530/R730/R540
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | CPU 1 | 1175/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 179 GiB total, 102.568 GiB free.
D: is FIXED (NTFS) - 267 GiB total, 266.564 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Broadcom BCM2070 Bluetooth 3.0 USB Device
Device ID: USB\VID_0A5C&PID_2198\0002722417DB
Manufacturer: Broadcom
Name: Broadcom BCM2070 Bluetooth 3.0 USB Device
PNP Device ID: USB\VID_0A5C&PID_2198\0002722417DB
Service: BTHUSB
.
==== System Restore Points ===================
.
RP74: 5/2/2012 7:52:04 PM - Windows Update
RP75: 5/12/2012 8:24:51 PM - Windows Update
RP76: 5/13/2012 9:46:06 AM - Windows Update
RP77: 5/15/2012 8:15:51 PM - Windows Update
RP78: 5/22/2012 7:56:53 PM - Windows Update
RP79: 5/23/2012 9:42:38 PM - Installed AVG 2012
RP80: 5/23/2012 9:42:59 PM - Installed AVG 2012
RP81: 5/25/2012 7:56:44 PM - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
Apple Application Support
Apple Software Update
Atheros Client Installation Program
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Bing Bar
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cisco Connect
CyberLink YouCam
D3DX10
DVD Shrink 3.2
Easy Content Share
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Junk Mail filter update
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Online Backup
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Samsung ML-1865W Series
Samsung Recovery Solution 4
Samsung Support Center 1.0
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Skype™ 4.2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
User Guide
Visual Studio 2008 x64 Redistributables
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
.
==== Event Viewer Messages From Past Week ========
.
5/26/2012 9:23:27 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2012 9:13:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/26/2012 9:13:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/26/2012 9:13:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/26/2012 9:13:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/26/2012 9:13:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache SABI SASDIFSV SASKUTIL spldr Wanarpv6
5/26/2012 9:13:14 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2012 11:25:44 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/26/2012 11:25:44 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
5/26/2012 11:20:06 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/25/2012 7:58:23 PM, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/25/2012 3:21:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache SABI spldr Wanarpv6
5/23/2012 9:22:16 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/23/2012 9:21:47 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

#4 gringo_pr

  • Malware Response Team

Posted 26 May 2012 - 08:34 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 hawkeyes360

  • Topic Starter

Posted 26 May 2012 - 08:56 PM

It seems to be running slow. I have not been fully redirected again in Google; I have tried not to use it much until I make sure it is fixed. When I googled "amazon" and clicked on amazon.com, it went to a few ad sites first, then went to amazon.com. I am not sure if that was blocked by my antivirus or not. Below is the log you requested. Again, thank you very much.

ComboFix 12-05-26.02 - Owner 05/26/2012 20:47:25.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2710 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 01:51 . 2012-05-27 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 14:33 . 2012-05-26 14:33 -------- d-----w- c:\program files\CCleaner
2012-05-26 14:28 . 2012-05-26 14:31 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-05-26 14:27 . 2012-05-26 14:28 -------- d-----w- c:\programdata\HitmanPro
2012-05-26 02:24 . 2012-05-26 02:24 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-05-26 02:23 . 2012-05-26 02:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-26 02:23 . 2012-05-26 02:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-26 01:07 . 2012-05-26 02:04 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-05-24 02:45 . 2012-05-24 02:45 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG2012
2012-05-24 02:44 . 2012-05-24 02:44 -------- d-----w- c:\users\Owner\AppData\Local\AVG Secure Search
2012-05-24 02:43 . 2012-05-24 02:44 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-24 02:43 . 2012-05-24 02:44 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-05-24 02:43 . 2012-05-24 02:43 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-05-24 02:43 . 2012-05-24 02:43 -------- d--h--w- c:\programdata\Common Files
2012-05-24 02:43 . 2012-05-24 02:43 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-05-24 02:43 . 2012-05-26 16:49 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-24 02:43 . 2012-05-24 02:54 -------- d-----w- c:\programdata\AVG2012
2012-05-24 02:43 . 2012-05-24 02:43 -------- d-----w- C:\$AVG
2012-05-24 02:42 . 2012-05-24 02:42 -------- d-----w- c:\program files (x86)\AVG
2012-05-24 02:39 . 2012-05-26 16:49 -------- d-----w- c:\programdata\MFAData
2012-05-24 01:17 . 2012-05-24 01:17 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-05-24 01:16 . 2012-05-24 01:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-24 01:16 . 2012-05-24 01:16 -------- d-----w- c:\programdata\Malwarebytes
2012-05-24 01:16 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 00:52 . 2012-05-24 00:52 -------- d-----w- C:\7Q8oXApf5tJT3di
2012-05-23 00:57 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27655880-FD32-45E9-B477-A1974FBF87EE}\mpengine.dll
2012-05-16 01:16 . 2012-05-16 01:16 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-16 01:16 . 2012-05-16 01:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-14 12:07 . 2012-05-14 12:07 -------- d-----w- c:\users\Owner\AppData\Local\{573F00A5-9DBD-11E1-826F-B8AC6F996F26}
2012-05-13 01:25 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 01:25 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 01:25 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 01:25 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 01:25 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 01:25 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-13 01:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 01:24 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 01:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 01:24 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 01:24 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 01:24 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 01:24 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 01:17 . 2012-05-09 01:18 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-09 01:17 . 2012-05-09 01:17 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-09 01:17 . 2012-05-09 01:17 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-03 02:12 . 2012-05-03 02:12 -------- d-----w- c:\program files\iPod
2012-05-03 02:12 . 2012-05-03 02:12 -------- d-----w- c:\program files\iTunes
2012-05-03 02:12 . 2012-05-03 02:12 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-03-19 10:17 . 2012-03-19 10:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-03 23:10 . 2012-03-03 23:10 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-01 06:46 . 2012-04-14 15:01 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-14 15:01 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-14 15:01 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-14 15:01 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-14 15:01 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-14 15:01 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-14 15:01 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-14 15:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-14 15:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-14 15:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-14 15:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-14 15:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-14 15:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-14 15:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-14 15:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-24_02.22.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-26 18:13 . 2012-05-26 18:13 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-05-24 01:47 . 2012-05-24 01:47 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2012-05-27 00:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-07 22:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-07 22:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-27 00:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-27 00:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-07 22:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-05-27 00:42 49312 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-27 00:42 45158 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-31 09:46 . 2012-01-31 09:46 36944 c:\windows\system32\drivers\avgrkx64.sys
+ 2011-12-23 18:32 . 2011-12-23 18:32 47696 c:\windows\system32\drivers\avgmfx64.sys
+ 2011-12-23 18:32 . 2011-12-23 18:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys
- 2011-10-07 21:43 . 2012-05-03 02:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-07 21:43 . 2012-05-27 01:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-07 21:43 . 2012-05-03 02:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-07 21:43 . 2012-05-27 01:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-27 01:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-03 02:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-26 02:12 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-29 01:12 . 2012-05-26 02:03 3272 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-07 22:55 . 2012-05-27 00:42 9338 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2942724973-3254444484-952029406-1000_UserData.bin
+ 2012-05-27 00:40 . 2012-05-27 00:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-24 01:47 . 2012-05-24 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-24 01:47 . 2012-05-24 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-27 00:40 . 2012-05-27 00:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-20 16:31 . 2012-05-26 17:54 264954 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-05-13 19:23 624856 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-26 13:52 624856 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-26 13:52 106942 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-13 19:23 106942 c:\windows\system32\perfc009.dat
+ 2012-02-22 10:25 . 2012-02-22 10:25 289872 c:\windows\system32\drivers\avgldx64.sys
+ 2011-12-23 18:31 . 2011-12-23 18:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys
+ 2009-07-14 05:01 . 2012-05-26 18:13 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-24 01:47 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-18 02:55 . 2012-05-26 03:14 405444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2942724973-3254444484-952029406-1000-12288.dat
- 2011-10-18 02:55 . 2012-02-26 21:24 405444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2942724973-3254444484-952029406-1000-12288.dat
+ 2011-04-19 09:54 . 2011-04-19 09:54 227328 c:\windows\Installer\49321.msi
+ 2012-05-24 02:42 . 2012-05-24 02:42 223232 c:\windows\Installer\31f28f.msi
- 2009-07-14 04:45 . 2012-05-13 19:22 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-05-26 01:59 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-05-24 02:39 . 2012-05-24 02:39 8449024 c:\windows\Installer\31f29e.msi
+ 2012-05-24 02:42 . 2012-05-24 02:42 2871808 c:\windows\Installer\31f29a.msi
+ 2012-05-24 02:42 . 2012-05-24 02:42 8544256 c:\windows\Installer\31f296.msi
+ 2011-10-24 01:57 . 2012-05-26 18:13 12198704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2942724973-3254444484-952029406-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-24 02:43 2067328 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-24 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-05-24 1116544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-23 1131808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-09 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-24 932736]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111146,17117,0,18,0
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j9oaapx3.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B16cb4537-2cfd-4f5f-b315-6331e012d835%7D&mid=9cef7b659b5947d092a3395874694888-14349aed15b5f8255a28dda60adf8a04244f4163&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-23%2021%3A43%3A58&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-26 20:53:15
ComboFix-quarantined-files.txt 2012-05-27 01:53
ComboFix2.txt 2012-05-24 02:23
.
Pre-Run: 110,115,479,552 bytes free
Post-Run: 110,093,008,896 bytes free
.
- - End Of File - - 51255611C8EB2735A624170167FF6663

#6 gringo_pr

Posted 26 May 2012 - 09:01 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 hawkeyes360

Posted 26 May 2012 - 09:10 PM

Here you go

21:04:23.0633 4536 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
21:04:23.0977 4536 ============================================================
21:04:23.0977 4536 Current date / time: 2012/05/26 21:04:23.0977
21:04:23.0977 4536 SystemInfo:
21:04:23.0977 4536
21:04:23.0977 4536 OS Version: 6.1.7601 ServicePack: 1.0
21:04:23.0977 4536 Product type: Workstation
21:04:23.0977 4536 ComputerName: OWNER-PC
21:04:23.0977 4536 UserName: Owner
21:04:23.0977 4536 Windows directory: C:\windows
21:04:23.0977 4536 System windows directory: C:\windows
21:04:23.0977 4536 Running under WOW64
21:04:23.0977 4536 Processor architecture: Intel x64
21:04:23.0977 4536 Number of processors: 4
21:04:23.0977 4536 Page size: 0x1000
21:04:23.0977 4536 Boot type: Normal boot
21:04:23.0977 4536 ============================================================
21:04:24.0460 4536 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:04:24.0476 4536 ============================================================
21:04:24.0476 4536 \Device\Harddisk0\DR0:
21:04:24.0476 4536 MBR partitions:
21:04:24.0476 4536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
21:04:24.0476 4536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000
21:04:24.0491 4536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800
21:04:24.0491 4536 ============================================================
21:04:24.0585 4536 C: <-> \Device\Harddisk0\DR0\Partition1
21:04:24.0632 4536 D: <-> \Device\Harddisk0\DR0\Partition2
21:04:24.0632 4536 ============================================================
21:04:24.0632 4536 Initialize success
21:04:24.0632 4536 ============================================================
21:04:37.0564 4344 ============================================================
21:04:37.0564 4344 Scan started
21:04:37.0564 4344 Mode: Manual; SigCheck; TDLFS;
21:04:37.0564 4344 ============================================================
21:04:55.0457 4344 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
21:04:55.0457 4344 mouclass - ok
21:04:55.0489 4344 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
21:04:55.0520 4344 mouhid - ok
21:04:55.0535 4344 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
21:04:55.0551 4344 mountmgr - ok
21:04:55.0645 4344 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:04:55.0676 4344 MozillaMaintenance - ok
21:04:55.0707 4344 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
21:04:55.0723 4344 mpio - ok
21:04:55.0754 4344 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
21:04:55.0785 4344 mpsdrv - ok
21:04:55.0847 4344 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
21:04:55.0925 4344 MpsSvc - ok
21:04:55.0941 4344 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
21:04:56.0019 4344 MRxDAV - ok
21:04:56.0035 4344 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
21:04:56.0066 4344 mrxsmb - ok
21:04:56.0097 4344 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:04:56.0113 4344 mrxsmb10 - ok
21:04:56.0144 4344 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:04:56.0144 4344 mrxsmb20 - ok
21:04:56.0175 4344 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
21:04:56.0191 4344 msahci - ok
21:04:56.0222 4344 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
21:04:56.0222 4344 msdsm - ok
21:04:56.0253 4344 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
21:04:56.0284 4344 MSDTC - ok
21:04:56.0315 4344 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
21:04:56.0362 4344 Msfs - ok
21:04:56.0393 4344 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
21:04:56.0456 4344 mshidkmdf - ok
21:04:56.0471 4344 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
21:04:56.0487 4344 msisadrv - ok
21:04:56.0503 4344 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
21:04:56.0565 4344 MSiSCSI - ok
21:04:56.0565 4344 msiserver - ok
21:04:56.0581 4344 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
21:04:56.0643 4344 MSKSSRV - ok
21:04:56.0643 4344 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
21:04:56.0674 4344 MSPCLOCK - ok
21:04:56.0690 4344 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
21:04:56.0737 4344 MSPQM - ok
21:04:56.0752 4344 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
21:04:56.0768 4344 MsRPC - ok
21:04:56.0799 4344 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
21:04:56.0815 4344 mssmbios - ok
21:04:56.0846 4344 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
21:04:56.0893 4344 MSTEE - ok
21:04:56.0893 4344 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
21:04:56.0924 4344 MTConfig - ok
21:04:56.0939 4344 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
21:04:56.0955 4344 Mup - ok
21:04:56.0986 4344 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
21:04:57.0049 4344 napagent - ok
21:04:57.0111 4344 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
21:04:57.0158 4344 NativeWifiP - ok
21:04:57.0220 4344 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
21:04:57.0267 4344 NDIS - ok
21:04:57.0298 4344 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
21:04:57.0345 4344 NdisCap - ok
21:04:57.0376 4344 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
21:04:57.0423 4344 NdisTapi - ok
21:04:57.0454 4344 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
21:04:57.0501 4344 Ndisuio - ok
21:04:57.0517 4344 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
21:04:57.0579 4344 NdisWan - ok
21:04:57.0595 4344 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
21:04:57.0641 4344 NDProxy - ok
21:04:57.0673 4344 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
21:04:57.0719 4344 NetBIOS - ok
21:04:57.0751 4344 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
21:04:57.0782 4344 NetBT - ok
21:04:57.0829 4344 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:04:57.0844 4344 Netlogon - ok
21:04:57.0891 4344 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
21:04:57.0953 4344 Netman - ok
21:04:57.0985 4344 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
21:04:58.0063 4344 netprofm - ok
21:04:58.0156 4344 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:04:58.0172 4344 NetTcpPortSharing - ok
21:04:58.0219 4344 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
21:04:58.0234 4344 nfrd960 - ok
21:04:58.0281 4344 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
21:04:58.0359 4344 NlaSvc - ok
21:04:58.0577 4344 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:04:58.0640 4344 NOBU - ok
21:04:58.0749 4344 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
21:04:58.0811 4344 Npfs - ok
21:04:58.0858 4344 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
21:04:58.0905 4344 nsi - ok
21:04:58.0921 4344 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
21:04:58.0983 4344 nsiproxy - ok
21:04:59.0092 4344 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
21:04:59.0123 4344 Ntfs - ok
21:04:59.0233 4344 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
21:04:59.0311 4344 Null - ok
21:04:59.0357 4344 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
21:04:59.0389 4344 nvraid - ok
21:04:59.0420 4344 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
21:04:59.0435 4344 nvstor - ok
21:04:59.0482 4344 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
21:04:59.0498 4344 nv_agp - ok
21:04:59.0498 4344 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
21:04:59.0529 4344 ohci1394 - ok
21:04:59.0638 4344 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:04:59.0654 4344 ose - ok
21:04:59.0935 4344 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:05:00.0028 4344 osppsvc - ok
21:05:00.0137 4344 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:05:00.0184 4344 p2pimsvc - ok
21:05:00.0215 4344 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
21:05:00.0247 4344 p2psvc - ok
21:05:00.0325 4344 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
21:05:00.0340 4344 Parport - ok
21:05:00.0371 4344 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
21:05:00.0387 4344 partmgr - ok
21:05:00.0434 4344 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
21:05:00.0481 4344 PcaSvc - ok
21:05:00.0496 4344 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
21:05:00.0527 4344 pci - ok
21:05:00.0543 4344 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
21:05:00.0543 4344 pciide - ok
21:05:00.0574 4344 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
21:05:00.0574 4344 pcmcia - ok
21:05:00.0605 4344 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
21:05:00.0605 4344 pcw - ok
21:05:00.0668 4344 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
21:05:00.0777 4344 PEAUTH - ok
21:05:00.0855 4344 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
21:05:00.0902 4344 PerfHost - ok
21:05:00.0995 4344 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
21:05:01.0073 4344 pla - ok
21:05:01.0136 4344 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
21:05:01.0183 4344 PlugPlay - ok
21:05:01.0198 4344 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
21:05:01.0229 4344 PNRPAutoReg - ok
21:05:01.0261 4344 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:05:01.0276 4344 PNRPsvc - ok
21:05:01.0307 4344 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
21:05:01.0370 4344 PolicyAgent - ok
21:05:01.0401 4344 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
21:05:01.0448 4344 Power - ok
21:05:01.0526 4344 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
21:05:01.0588 4344 PptpMiniport - ok
21:05:01.0604 4344 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
21:05:01.0619 4344 Processor - ok
21:05:01.0651 4344 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
21:05:01.0713 4344 ProfSvc - ok
21:05:01.0744 4344 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:05:01.0760 4344 ProtectedStorage - ok
21:05:01.0791 4344 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
21:05:01.0838 4344 Psched - ok
21:05:01.0916 4344 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
21:05:01.0963 4344 ql2300 - ok
21:05:02.0087 4344 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
21:05:02.0103 4344 ql40xx - ok
21:05:02.0134 4344 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
21:05:02.0165 4344 QWAVE - ok
21:05:02.0197 4344 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
21:05:02.0228 4344 QWAVEdrv - ok
21:05:02.0228 4344 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
21:05:02.0275 4344 RasAcd - ok
21:05:02.0306 4344 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
21:05:02.0353 4344 RasAgileVpn - ok
21:05:02.0368 4344 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
21:05:02.0446 4344 RasAuto - ok
21:05:02.0477 4344 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
21:05:02.0540 4344 Rasl2tp - ok
21:05:02.0571 4344 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
21:05:02.0633 4344 RasMan - ok
21:05:02.0649 4344 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
21:05:02.0711 4344 RasPppoe - ok
21:05:02.0743 4344 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
21:05:02.0789 4344 RasSstp - ok
21:05:02.0821 4344 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
21:05:02.0899 4344 rdbss - ok
21:05:02.0914 4344 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
21:05:02.0945 4344 rdpbus - ok
21:05:02.0961 4344 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
21:05:02.0992 4344 RDPCDD - ok
21:05:03.0023 4344 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
21:05:03.0055 4344 RDPENCDD - ok
21:05:03.0070 4344 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
21:05:03.0117 4344 RDPREFMP - ok
21:05:03.0164 4344 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
21:05:03.0211 4344 RDPWD - ok
21:05:03.0242 4344 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
21:05:03.0273 4344 rdyboost - ok
21:05:03.0304 4344 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
21:05:03.0367 4344 RemoteAccess - ok
21:05:03.0398 4344 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
21:05:03.0460 4344 RemoteRegistry - ok
21:05:03.0491 4344 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
21:05:03.0523 4344 RFCOMM - ok
21:05:03.0569 4344 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\windows\system32\Drivers\RimUsb_AMD64.sys
21:05:03.0601 4344 RimUsb - ok
21:05:03.0632 4344 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
21:05:03.0679 4344 RpcEptMapper - ok
21:05:03.0694 4344 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
21:05:03.0710 4344 RpcLocator - ok
21:05:03.0741 4344 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:05:03.0803 4344 RpcSs - ok
21:05:03.0850 4344 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
21:05:03.0913 4344 rspndr - ok
21:05:03.0944 4344 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
21:05:03.0959 4344 RTL8167 - ok
21:05:04.0084 4344 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
21:05:04.0100 4344 rtport - ok
21:05:04.0131 4344 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
21:05:04.0162 4344 SABI - ok
21:05:04.0193 4344 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:05:04.0209 4344 SamSs - ok
21:05:04.0303 4344 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:05:04.0318 4344 SASDIFSV - ok
21:05:04.0334 4344 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:05:04.0334 4344 SASKUTIL - ok
21:05:04.0365 4344 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
21:05:04.0381 4344 sbp2port - ok
21:05:04.0412 4344 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
21:05:04.0474 4344 SCardSvr - ok
21:05:04.0505 4344 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
21:05:04.0552 4344 scfilter - ok
21:05:04.0615 4344 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
21:05:04.0693 4344 Schedule - ok
21:05:04.0724 4344 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:05:04.0771 4344 SCPolicySvc - ok
21:05:04.0786 4344 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
21:05:04.0802 4344 SDRSVC - ok
21:05:04.0895 4344 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:05:04.0927 4344 SeaPort - ok
21:05:04.0989 4344 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
21:05:05.0051 4344 secdrv - ok
21:05:05.0083 4344 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
21:05:05.0129 4344 seclogon - ok
21:05:05.0176 4344 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
21:05:05.0254 4344 SENS - ok
21:05:05.0270 4344 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
21:05:05.0301 4344 SensrSvc - ok
21:05:05.0317 4344 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
21:05:05.0348 4344 Serenum - ok
21:05:05.0363 4344 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
21:05:05.0379 4344 Serial - ok
21:05:05.0395 4344 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
21:05:05.0426 4344 sermouse - ok
21:05:05.0473 4344 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
21:05:05.0519 4344 SessionEnv - ok
21:05:05.0535 4344 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
21:05:05.0551 4344 sffdisk - ok
21:05:05.0551 4344 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
21:05:05.0582 4344 sffp_mmc - ok
21:05:05.0582 4344 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
21:05:05.0597 4344 sffp_sd - ok
21:05:05.0613 4344 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
21:05:05.0629 4344 sfloppy - ok
21:05:05.0691 4344 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
21:05:05.0722 4344 Sftfs - ok
21:05:05.0831 4344 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:05:05.0863 4344 sftlist - ok
21:05:05.0925 4344 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
21:05:05.0941 4344 Sftplay - ok
21:05:05.0956 4344 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
21:05:05.0972 4344 Sftredir - ok
21:05:05.0987 4344 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
21:05:05.0987 4344 Sftvol - ok
21:05:06.0097 4344 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:05:06.0112 4344 sftvsa - ok
21:05:06.0190 4344 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
21:05:06.0315 4344 SharedAccess - ok
21:05:06.0362 4344 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
21:05:06.0424 4344 ShellHWDetection - ok
21:05:06.0471 4344 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
21:05:06.0471 4344 SiSRaid2 - ok
21:05:06.0487 4344 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
21:05:06.0502 4344 SiSRaid4 - ok
21:05:06.0596 4344 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:05:06.0658 4344 Smb - ok
21:05:06.0705 4344 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
21:05:06.0799 4344 SNMPTRAP - ok
21:05:06.0830 4344 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:05:06.0830 4344 spldr - ok
21:05:06.0877 4344 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
21:05:06.0923 4344 Spooler - ok
21:05:07.0126 4344 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
21:05:07.0235 4344 sppsvc - ok
21:05:07.0376 4344 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
21:05:07.0454 4344 sppuinotify - ok
21:05:07.0516 4344 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
21:05:07.0532 4344 srv - ok
21:05:07.0594 4344 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
21:05:07.0625 4344 srv2 - ok
21:05:07.0657 4344 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
21:05:07.0688 4344 srvnet - ok
21:05:07.0735 4344 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
21:05:07.0797 4344 SSDPSRV - ok
21:05:07.0859 4344 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\windows\system32\Drivers\SSPORT.sys
21:05:07.0875 4344 SSPORT - ok
21:05:07.0891 4344 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
21:05:07.0937 4344 SstpSvc - ok
21:05:07.0969 4344 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
21:05:07.0969 4344 stexstor - ok
21:05:08.0047 4344 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
21:05:08.0078 4344 stisvc - ok
21:05:08.0093 4344 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
21:05:08.0109 4344 swenum - ok
21:05:08.0171 4344 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
21:05:08.0218 4344 swprv - ok
21:05:08.0312 4344 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
21:05:08.0390 4344 SysMain - ok
21:05:08.0483 4344 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
21:05:08.0515 4344 TabletInputService - ok
21:05:08.0546 4344 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
21:05:08.0608 4344 TapiSrv - ok
21:05:08.0624 4344 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
21:05:08.0686 4344 TBS - ok
21:05:08.0842 4344 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
21:05:08.0905 4344 Tcpip - ok
21:05:09.0123 4344 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
21:05:09.0201 4344 TCPIP6 - ok
21:05:09.0326 4344 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
21:05:09.0388 4344 tcpipreg - ok
21:05:09.0404 4344 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:05:09.0419 4344 TDPIPE - ok
21:05:09.0451 4344 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
21:05:09.0482 4344 TDTCP - ok
21:05:09.0497 4344 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
21:05:09.0529 4344 tdx - ok
21:05:09.0560 4344 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
21:05:09.0575 4344 TermDD - ok
21:05:09.0638 4344 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
21:05:09.0700 4344 TermService - ok
21:05:09.0716 4344 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
21:05:09.0747 4344 Themes - ok
21:05:09.0778 4344 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:05:09.0841 4344 THREADORDER - ok
21:05:09.0856 4344 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
21:05:09.0919 4344 TrkWks - ok
21:05:09.0981 4344 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
21:05:10.0043 4344 TrustedInstaller - ok
21:05:10.0075 4344 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
21:05:10.0121 4344 tssecsrv - ok
21:05:10.0153 4344 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
21:05:10.0168 4344 TsUsbFlt - ok
21:05:10.0184 4344 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
21:05:10.0215 4344 TsUsbGD - ok
21:05:10.0246 4344 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
21:05:10.0293 4344 tunnel - ok
21:05:10.0324 4344 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
21:05:10.0324 4344 uagp35 - ok
21:05:10.0340 4344 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
21:05:10.0402 4344 udfs - ok
21:05:10.0433 4344 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
21:05:10.0449 4344 UI0Detect - ok
21:05:10.0465 4344 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
21:05:10.0480 4344 uliagpkx - ok
21:05:10.0511 4344 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
21:05:10.0543 4344 umbus - ok
21:05:10.0558 4344 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
21:05:10.0574 4344 UmPass - ok
21:05:10.0621 4344 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
21:05:10.0667 4344 upnphost - ok
21:05:10.0730 4344 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
21:05:10.0745 4344 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
21:05:10.0745 4344 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
21:05:15.0613 4344 WSearch - ok
21:05:15.0753 4344 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
21:05:15.0847 4344 wuauserv - ok
21:05:15.0956 4344 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:05:16.0018 4344 WudfPf - ok
21:05:16.0065 4344 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:05:16.0096 4344 WUDFRd - ok
21:05:16.0127 4344 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
21:05:16.0174 4344 wudfsvc - ok
21:05:16.0190 4344 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
21:05:16.0221 4344 WwanSvc - ok
21:05:16.0268 4344 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\windows\system32\DRIVERS\yk62x64.sys
21:05:16.0346 4344 yukonw7 - ok
21:05:16.0393 4344 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
21:05:16.0798 4344 \Device\Harddisk0\DR0 - ok
21:05:16.0814 4344 Boot (0x1200) (d86296289dfe272b6ddfc3a38aad5bac) \Device\Harddisk0\DR0\Partition0
21:05:16.0814 4344 \Device\Harddisk0\DR0\Partition0 - ok
21:05:16.0829 4344 Boot (0x1200) (4218cf2e71e09223979976e617bfc780) \Device\Harddisk0\DR0\Partition1
21:05:16.0829 4344 \Device\Harddisk0\DR0\Partition1 - ok
21:05:16.0861 4344 Boot (0x1200) (6af1510be2cad020bf847144c772e974) \Device\Harddisk0\DR0\Partition2
21:05:16.0861 4344 \Device\Harddisk0\DR0\Partition2 - ok
21:05:16.0861 4344 ============================================================
21:05:16.0861 4344 Scan finished
21:05:16.0861 4344 ============================================================
21:05:16.0876 2236 Detected object count: 1
21:05:16.0876 2236 Actual detected object count: 1
21:05:23.0865 2236 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:23.0865 2236 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-26 21:08:17
-----------------------------
21:08:17.247 OS Version: Windows x64 6.1.7601 Service Pack 1
21:08:17.247 Number of processors: 4 586 0x2505
21:08:17.247 ComputerName: OWNER-PC UserName: Owner
21:08:17.871 Initialize success
21:09:15.067 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:09:15.083 Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 476940MB BusType: 3
21:09:15.083 Disk 0 MBR read successfully
21:09:15.098 Disk 0 MBR scan
21:09:15.098 Disk 0 unknown MBR code
21:09:15.114 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
21:09:15.130 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
21:09:15.145 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 183296 MB offset 42149888
21:09:15.145 Disk 0 Partition - 00 0F Extended LBA 273062 MB offset 417540096
21:09:15.239 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 273061 MB offset 417542144
21:09:15.254 Disk 0 scanning C:\windows\system32\drivers
21:09:20.683 Service scanning
21:09:34.380 Modules scanning
21:09:34.396 Disk 0 trace - called modules:
21:09:34.942 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:09:34.942 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800444c760]
21:09:34.957 3 CLASSPNP.SYS[fffff880010ad43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800433a050]
21:09:34.957 Scan finished successfully
21:10:03.708 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
21:10:03.724 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#8 gringo_pr


Posted 27 May 2012 - 07:20 AM

Greetings

In what browsers are the redirects happening? Please verify all browsers that are installed on the computer.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 hawkeyes360


Posted 27 May 2012 - 09:10 AM

I use Explorer and Firefox. I have not gotten it to redirect so it may be fixed? It is getting bogged down though, maybe from all of the programs I have downloaded lately?

#10 gringo_pr


Posted 27 May 2012 - 10:12 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 hawkeyes360


Posted 27 May 2012 - 01:51 PM

Thank you again. When I dragged the text file over, ComboFix updated/redownloaded, but I am assuming the text file look on the new download/update. Attached is the report.

ComboFix 12-05-27.02 - Owner 05/27/2012 13:38:23.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2598 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-24 02:43 2067328 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-24 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-05-24 1116544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-23 1131808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-09 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-24 932736]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111146,17117,0,18,0
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j9oaapx3.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B16cb4537-2cfd-4f5f-b315-6331e012d835%7D&mid=9cef7b659b5947d092a3395874694888-14349aed15b5f8255a28dda60adf8a04244f4163&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-23%2021%3A43%3A58&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
Completion time: 2012-05-27 13:47:35
ComboFix-quarantined-files.txt 2012-05-27 18:47
ComboFix2.txt 2012-05-27 01:53
ComboFix3.txt 2012-05-24 02:23
.
Pre-Run: 109,131,460,608 bytes free
Post-Run: 109,125,496,832 bytes free
.
- - End Of File - - 89395D9B5A7BDE5036852E90E5A4F574

#12 gringo_pr

Posted 27 May 2012 - 09:05 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 9.1
Bing Bar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 hawkeyes360

Posted 28 May 2012 - 12:42 PM

I am having some trouble running Hijack This. It says that my system denied write access to the Host file. Attached are the logs. Thanks again.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:42 PM, on 5/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111146,17117,0,18,0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: dlcg_device - Unknown owner - C:\windows\system32\dlcgcoms.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10635 bytes


#14 gringo_pr

Posted 28 May 2012 - 01:16 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on their icons (or start them from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
      O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#15 hawkeyes360

Posted 28 May 2012 - 09:23 PM

Here you go. It said this was part of the malfos.u. I am not sure what that means.


C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\Temp\muagf.dll.vir a variant of Win32/Medfos.U trojan
C:\Users\Owner\AppData\Local\{573F00A5-9DBD-11E1-826F-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan



